Privacy Policy
Version 1 — DRAFT · 2026-05-06
This policy is in draft pending the operating-entity decision. The data practices below already reflect what the product does today.
Operator: Ayman (sole proprietor) — contact: aayman.aid@gmail.com Product: TimeRecord — Chrome extension and web app at timerecord.app
1. What we collect
From the Chrome extension (Free + Premium):
- Root domain (e.g.,
figma.com) of the active browser tab while the timer is ON. - Page title of the active tab.
- Time durations associated with the user-selected Client and Task.
- Idle status from the browser (active / idle) — never keystrokes or mouse content.
We never collect:
- Full URLs or query strings.
- Page contents.
- Domains the user has added to the privacy blacklist.
- Browsing data when the timer is OFF.
From the web app (Premium only):
- Email address (for authentication).
- Encrypted authentication tokens.
- Subscription status (received from Lemon Squeezy webhook).
2. Why we collect it
- To produce accurate timesheets — the core product feature.
- To authenticate Premium users.
- To process subscriptions (delegated to Lemon Squeezy as Merchant of Record).
Lawful basis under GDPR: performance of contract for paid features; legitimate interest for the free extension's local-only tracking.
3. Where data lives
- Free tier: entirely on the user's device via
chrome.storage.local. Nothing leaves the browser. - Premium tier: synced to our backend hosted in the EU (Supabase, region
eu-central-1/ Frankfurt). - Payments: Lemon Squeezy (Merchant of Record). They store name, billing address, and tax data — we receive only the email and subscription state.
4. Sub-processors
| Provider | Purpose | Region |
|---|---|---|
| Supabase | Auth + database for Premium | EU (Frankfurt — eu-central-1) |
| Cloudflare | Web app hosting (Workers + Static Assets) and edge cache for timerecord.app | Global edge (EU points-of-presence prioritised for EU visitors) |
| Lemon Squeezy | Payments, invoicing, tax | US (DPA in place) |
5. Your rights (GDPR)
- Access, rectify, delete, or export your data.
- Withdraw consent at any time.
- Lodge a complaint with your local Data Protection Authority.
To exercise any right, email aayman.aid@gmail.com or use the in-app "Delete account" / "Export data" actions.
6. Retention
- Free tier: until the user clears extension storage.
- Premium tier: while the account is active. Deleted within 30 days of account deletion.
- Backups: rolling 30-day encrypted backups, then purged.
7. Security
- TLS in transit, encryption at rest (provider default).
- No third-party trackers on the extension.
- Periodic security review — see
Security.md.
8. Children
TimeRecord is not directed at children under 16. We do not knowingly collect data from children.
9. Changes
We will append new versions to this document. Past versions remain visible.
10. Contact
Change log
- 2026-04-26 — v1 drafted (not yet published — placeholder pending domain + backend choice).
- 2026-05-06 — §3 backend locked to Supabase (per ADR-004); §4 sub-processors updated: Vercel removed, Cloudflare added (per ADR-009 —
apps/webdeploys to Cloudflare Workers via@opennextjs/cloudflare). Still v1 DRAFT pending operating-entity confirmation before publishing.